Microsoft SharePoint software-related hacks claim 400 victims – report

Researchers at Netherlands-based Eye Security said that there have been nearly 400 victims of hacking related to vulnerabilities in Microsoft (NASDAQ:MSFT) software SharePoint, Reuters reported.

The numbers, which are derived from a count of digital artifacts found during scans of servers running vulnerable versions of Microsoft’s SharePoint software, compare to about 100 organizations cataloged over the weekend. Eye Security said the number is likely an undercount, the report added.

Microsoft did not immediately respond to a request for comment from Seeking Alpha.

“There are many more, because not all attack vectors have left artifacts that we could scan for,” said Vaisha Bernard, the chief hacker for Eye Security, which was among the first firms to flag the breaches, the report noted.

The details related to most of the victim organizations were not fully disclosed. Bernard declined to identify them, according to the report.

Earlier on Wednesday, it was reported that hackers used SharePoint’s flaws to break into the U.S. National Nuclear Security Administration. However, no sensitive or classified information is known to have been compromised in the attack.

On Tuesday, Microsoft said in a blog that Chinese hackers have been exploiting vulnerabilities in its SharePoint software, which led to breaches recently. The company said it observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting these vulnerabilities targeting internet-facing SharePoint servers. In addition, it has seen another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities.

In a statement, the Chinese Embassy in Washington said that China firmly opposes all forms of cyberattacks and cybercrime.